Filtering by keywords
You can use keyword filters to create complex Flow Monitor interface report views. This is useful when you need to view data about the traffic generated by a specific computer, to a specific domain, etc.
After you apply a filter to the Interface Details report, the dashboard report that coincides with the filter reloads with a time graph for the filtered traffic component. For example, if you apply a filter for the http application, the Top Applications dashboard report displays a time graph of http application use for the time period selected at the top of the Interface Details report.
You can easily determine which dashboard report contains the time graph by looking for the filter enclosed in parenthesis to the right of the dashboard report title name.
: You can remove the applied filter by clicking the red X under the time graph.
To filter by keywords:
- At the top of the report, select . Filter boxes appear below the button.
- Select the type of filter you want to apply.
: When you are using a type of filter that matches a device using an IP address, you can use CIDR notation to identify a subnet of hosts from which the reports display data. For example, when you select a Sender filter type, you can specify a subnet using 192.168.11.0/24 to display information from all of the hosts in the subnet.
- . Show traffic sent by the specified device. You can match a device using its host name or its IP address.
- . Show traffic received by the specified device. You can match a device using its host name or its IP address.
- . Show traffic that used the specified protocol (such as UDP, TCP, or ICMP).
- . Show traffic that used the specified type of service.
- . Show traffic that used the specified application. The keyword must match the application name as configured in the Flow ports dialog.
: You can enter a port number instead of an application name to show all traffic transmitting over a certain port.
- . Show traffic sent by hosts on the specified domain.
- . Show traffic received by hosts on the specified domain.
- . Show traffic sent by devices whose IP addresses are registered to the specified country.
- . Show traffic received by devices whose IP addresses are registered to the specified country.
- . Show traffic sent by the specified group.
- . Show traffic received by the specified group.
- . Show traffic sent by domains that have the specified top level domain (such as .com, .net, .us, or .uk).
- . Show traffic received by domains that have the specified top level domain (such as .com, .net, .us, or .uk).
- . Show traffic by ICMP type.
- . Show traffic by packet size.
- . Show traffic by sender Autonomous System Number (ASN).
- . Show traffic by receiver Autonomous System Number (ASN).
- . Show traffic by NBAR application.
- . Show traffic by port number.
- Optionally, click to add additional filters.
- Click . The report refreshes showing only data that matches the filters you have configured.
: If you configure a filter incorrectly, you can remove it from the current view by clicking the red X located to the right of the keyword box.